>>> On 8/18/2008 at 5:00 PM, David DeSimone <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dan Lynch <[EMAIL PROTECTED]> wrote:
>>
>> After the first file is transferred, the data connection is torn down,
>> and a new data connection is attempted using the same source port.
>
> I thought that this was not legal according to TCP RFC's. A TCP
> implementation is supposed to allow a period of two minutes after a
> connection is closed before it is valid to open another connection using
> the exact same source and destination ports.

AFAIK, it's not "illegal" under the RFCs since it turns out to be somewhat difficult to enforce completely. But it is very strongly recommended to not reuse ports.

Why difficult to enforce? One example is the problem of when a host is reset (hard reboot). Say the host automatically starts some TCP connection after being reset to a specific service (fixed destination source) on a specific remote host (fixed destination IP). This host starts using ephemeral ports from the same starting point after each reset. The connection will have the same source IP, source port, destination IP, destination port after each reboot. Now imagine that this TCP is up the whole time the host is up. That TCP connection _always_ will have the same IP and ports.

This does happen with simple TCP/IP stacks in embedded devices. And this can get messed up by "Smart Connection Reuse."
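
The reboot case described in the reply above, as an added simulation that is not part of the original thread or any vendor's code: a stack whose ephemeral port counter restarts at every boot, observed by a stateful tracker that applies the two-minute quiet period mentioned in the quoted message. The class names, addresses (documentation ranges), port numbers and verdict strings are all assumptions made for illustration.

```python
TIME_WAIT_SECS = 120     # two-minute quiet period cited in the thread
EPHEMERAL_START = 1024   # assumed first ephemeral port of the simple stack

class SimpleStack:
    """Embedded-style stack: the ephemeral port counter restarts at every boot."""
    def __init__(self, ip):
        self.ip = ip
        self.reboot()

    def reboot(self):
        self.next_port = EPHEMERAL_START

    def connect(self, dst_ip, dst_port):
        src_port, self.next_port = self.next_port, self.next_port + 1
        return (self.ip, src_port, dst_ip, dst_port)

class StateTable:
    """Stateful tracker keyed on the 4-tuple, as a firewall in the path would be."""
    def __init__(self):
        self.entries = {}  # 4-tuple -> (state, time last changed)

    def on_syn(self, tup, now):
        state, seen = self.entries.get(tup, (None, None))
        if state == "ESTABLISHED":
            verdict = "collides-with-live-entry"      # old entry never saw a close
        elif state == "CLOSED" and now - seen < TIME_WAIT_SECS:
            verdict = "reuse-inside-quiet-period"
        else:
            verdict = "new"
        self.entries[tup] = ("ESTABLISHED", now)
        return verdict

    def on_close(self, tup, now):
        self.entries[tup] = ("CLOSED", now)

def run_scenario():
    """Constructed timeline: one device, one fixed service, three reboots."""
    dev, table, out = SimpleStack("192.0.2.10"), StateTable(), []
    tup = dev.connect("198.51.100.5", 5000)
    out.append((tup, table.on_syn(tup, now=0)))
    dev.reboot()                                   # hard reset, no FIN/RST seen
    tup = dev.connect("198.51.100.5", 5000)
    out.append((tup, table.on_syn(tup, now=530)))
    table.on_close(tup, now=600)                   # clean close, then reboot
    dev.reboot()
    tup = dev.connect("198.51.100.5", 5000)
    out.append((tup, table.on_syn(tup, now=630)))
    table.on_close(tup, now=700)
    dev.reboot()                                   # reconnect after quiet period
    tup = dev.connect("198.51.100.5", 5000)
    out.append((tup, table.on_syn(tup, now=1000)))
    return out
```

Every connection in the timeline carries the same 4-tuple, so only the tracker's timing and state decide whether the SYN looks like a new flow or a reuse of an old one.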
